How to prevent a ransomware attack? A people-centric approach
International Cybersecurity Strategist at Proofpoint
Article published 27 July 2021
BSI are global partners with industry-leading cybersecurity and compliance company Proofpoint
Preventing ransomware via email is relatively straightforward: block the loader, and you block the ransomware. This means reliable detection of first-stage malware like The Trick, Dridex, or Buer Loader, traditionally banking trojans and downloaders. But how straightforward is that?
According to data from Proofpoint, a BSI technology partner, banking trojans – often used as ransomware loaders – represented almost 20% of malware observed in identified campaigns in the first half of 2021 and are the most popular malware type Proofpoint sees in the landscape.
Organizations nowadays are more vulnerable than ever. Lengthy processes, legacy issues and systems in need of constant updates result in multiple threat vectors that attackers can leverage.
In a recent webinar, BSI discussed how organizations across the world need not only to protect themselves against threats, but also to understand where the threat comes from and how to adopt a preventative approach.
Traditional legacy mail gateways, web filters, and antivirus software should be updated and running on all networks. But they alone cannot counter the ransomware threat. An effective email security solution must go deeper. Because email is the initial infection point for most ransomware, you need advanced solutions that protect this critical vector.
How to adopt a ‘prevention first’ process against ransomware attacks?
By analysing embedded URLs and attachments, for example, to ensure no malicious content breaches the system, as well as by detecting and blocking credential phishing.
Cyber attackers are always one step ahead, and typical email security configurations rely far too heavily on outdated signatures.
Email accounts can be compromised in a few ways. Automated brute-force attacks are one of the most common examples, where attackers try countless username/password combinations until something works. This is especially critical since it’s well known that users often reuse passwords across accounts and credential-stealing malware.
Securing users’ cloud accounts is a critical part of protecting against ransomware attacks, and this must include monitoring for suspicious access attempts and unusual behaviour as well as employee security awareness training. One key requirement of a successful email-based attack is people – Proofpoint data shows that more than 99% of threats seen in 2020 required a person to interact to activate the threat.
That’s why employee training and awareness is critical. Your people should know what to do, what not to do, how to avoid ransomware, and how to report it. If anyone receives a ransomware demand, they should know to immediately report it to the security team—and never, ever try to pay on their own.
Payment of a ransom may carry serious brand reputation and security ramifications. This decision should be weighed carefully by upper-level management with the advice of legal counsel.
Ransomware attacks play on the user’s lack of awareness. They usually require people to open malicious document attachments, download and open or execute documents or scripts, or take some other action. Once users click the “Enable Content” button to turn on macros in a malicious document, for example, it downloads malware and starts the attack process.
Effective training teaches users about real-world attack techniques and campaigns, and it incorporates the latest threat intelligence to make users aware of the threats they’re most likely to face. Phishing simulations can identify users who are especially prone to falling for ransomware and other attack tactics.
As long as cyber criminals can find a way to make money from it, ransomware will continue to be one of the top threats facing organizations.
To counter this, cybersecurity needs to be people-centric. It makes users more resilient through awareness training based on real-world attack techniques. It identifies and kills ransomware targeting your people. And it contains threats and helps organizations respond quickly and effectively when something goes wrong.
More information on the techniques and lures, and a step-by-step guide to mitigating ransomware risk, is available in the 2021 Ransomware Survival Guide.
Richard Davis is International Cybersecurity Strategist at Proofpoint, where he drives the product marketing and cyber security strategy across EMEA. He is also responsible for the enablement of Proofpoint’s sales teams and channel partners across the EMEA market. He provides expertise on key regional cybersecurity strategies such as people-centric security, risk management, data privacy, and threat management.
Davis is a seasoned cybersecurity professional with over 20 years’ experience and is passionate about helping organisations protect their people. He previously held the role of Principal Architect at Proofpoint. Prior to Proofpoint, he worked as a Manager and Application Developer at IT company, AN4 Group Ltd.
Davis holds a BSc (Hons) in Engineering from the University of Exeter.
This blog post was co-authored by:
Global MD, Digital Trust, Consulting Services, BSI
Mark joined BSI in February 2021 and has overall responsibility for driving the growth of the Consulting Services business stream – Cybersecurity and Information Resilience – at a global level, harnessing a key focus on the Internet of Things (IoT) strategy and how BSI can help clients bridge their cybersecurity and data governance challenges.
Mark has more than 25 years of expertise in cybersecurity, data privacy and business resilience consultancy. He has previously held leadership roles at Wipro Ltd. and Ernst & Young (EY), amongst others. He brings a wealth of knowledge, including extensive proficiency in the Internet of Things (IoT) and the expanding cybersecurity marketplace, having worked for Fortune 10 and Fortune 500 firms as Global CISO and Global clients across numerous sectors and industry verticals from Consumer Products, Retail/eCommerce, Legal, Oil and Gas, Mining, Technology, Media, Manufacturing, IT and Real Estate.